From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8384A1A681B for ; Sun, 3 May 2026 00:40:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777768823; cv=none; b=KsX57kb7cNbyu4YyPyXnzQkOttPayB4VpNOcYchH1MMs3Elga0TSVRDEU723TYwFyYbah/qucM3RKw0RLEebdcxH10fwvYL5r8PiCVTMP+KekEaPQqkq7DPmoLzGcSR/SyEXPL4P8GYGY5rqSfdMVkc+e441t/zJ7sbPOkx+ldA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777768823; c=relaxed/simple; bh=AbjbROxTwMYWTg+UzHy9hj2OcBSHgRB0jgWZacAHBg4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=VAvNsnIr4K/syT0uUOdzndzQioGUvo28L8u04VevCTHfffXziEg5zPZGa3ZNBkxeTB9HwC1Pfj7vuC+RQqhkFTxowBuIkal1br+OW5e3WCnix/JhVKHFGBcYpY6d+ptGTKxzG0suqVOpYT25cffvIBfw5HRVQPLwKH2FEzi8G7M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ByH5Sp9X; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ByH5Sp9X" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3F7FFC2BCB9; Sun, 3 May 2026 00:40:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777768823; bh=AbjbROxTwMYWTg+UzHy9hj2OcBSHgRB0jgWZacAHBg4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ByH5Sp9XUW6wgEkBfelr1FbqZiN+FocnyyYtlaRdnfKmPZQvORYjIiTwp9pGRUgmB wu9AriE7HWNoU/X4yhx4TYp9iRwZjYCwtk4c7ZYvSHhhrgiGa/TEeeoZ7dOgva8zDA Rkd18i56cTneTHzR5Cs/M+DI6PFmSvLkYQdG8W23e0RrYJ+qWaFN2HIT65/07uAQMn y7UlKQ1oJZTyfvvM+L3dohbEeuap1e4723fOZ01nNMmaa3+iPuzpaWlNDU/Xm6d5km hpsuOUcBU+Z1EmppNSjQHbHUfrnloxeUXxw3uYYn1H3Iln1/qju3B3o/V3CSlaAsVp NUvw+mHWQ8KrQ== From: Sasha Levin To: stable@vger.kernel.org Cc: Antoniu Miclaus , =?UTF-8?q?Nuno=20S=C3=A1?= , Andy Shevchenko , Stable@vger.kernel.org, Jonathan Cameron , Sasha Levin Subject: [PATCH 7.0.y 2/2] iio: frequency: admv1013: fix NULL pointer dereference on str Date: Sat, 2 May 2026 20:40:02 -0400 Message-ID: <20260503004002.933311-2-sashal@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260503004002.933311-1-sashal@kernel.org> References: <2026050120-elderly-headache-15ed@gregkh> <20260503004002.933311-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Antoniu Miclaus [ Upstream commit aac0a51b16700b403a55b67ba495de021db78763 ] When device_property_read_string() fails, str is left uninitialized but the code falls through to strcmp(str, ...), dereferencing a garbage pointer. Replace manual read/strcmp with device_property_match_property_string() and consolidate the SE mode enums into a single sequential enum, mapping to hardware register values via a switch consistent with other bitfields in the driver. Several cleanup patches have been applied to this driver recently so this will need a manual backport. Fixes: da35a7b526d9 ("iio: frequency: admv1013: add support for ADMV1013") Reviewed-by: Nuno Sá Signed-off-by: Antoniu Miclaus Reviewed-by: Andy Shevchenko Cc: Signed-off-by: Jonathan Cameron Signed-off-by: Sasha Levin --- drivers/iio/frequency/admv1013.c | 65 ++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/drivers/iio/frequency/admv1013.c b/drivers/iio/frequency/admv1013.c index d29e288da011a..5cea2c9887905 100644 --- a/drivers/iio/frequency/admv1013.c +++ b/drivers/iio/frequency/admv1013.c @@ -85,9 +85,9 @@ enum { }; enum { - ADMV1013_SE_MODE_POS = 6, - ADMV1013_SE_MODE_NEG = 9, - ADMV1013_SE_MODE_DIFF = 12 + ADMV1013_SE_MODE_POS, + ADMV1013_SE_MODE_NEG, + ADMV1013_SE_MODE_DIFF, }; struct admv1013_state { @@ -470,10 +470,23 @@ static int admv1013_init(struct admv1013_state *st, int vcm_uv) if (ret) return ret; - data = FIELD_PREP(ADMV1013_QUAD_SE_MODE_MSK, st->quad_se_mode); + switch (st->quad_se_mode) { + case ADMV1013_SE_MODE_POS: + data = 6; + break; + case ADMV1013_SE_MODE_NEG: + data = 9; + break; + case ADMV1013_SE_MODE_DIFF: + data = 12; + break; + default: + return -EINVAL; + } ret = __admv1013_spi_update_bits(st, ADMV1013_REG_QUAD, - ADMV1013_QUAD_SE_MODE_MSK, data); + ADMV1013_QUAD_SE_MODE_MSK, + FIELD_PREP(ADMV1013_QUAD_SE_MODE_MSK, data)); if (ret) return ret; @@ -514,37 +527,33 @@ static void admv1013_powerdown(void *data) admv1013_spi_update_bits(data, ADMV1013_REG_ENABLE, enable_reg_msk, enable_reg); } +static const char * const admv1013_input_modes[] = { + [ADMV1013_IQ_MODE] = "iq", + [ADMV1013_IF_MODE] = "if", +}; + +static const char * const admv1013_quad_se_modes[] = { + [ADMV1013_SE_MODE_POS] = "se-pos", + [ADMV1013_SE_MODE_NEG] = "se-neg", + [ADMV1013_SE_MODE_DIFF] = "diff", +}; + static int admv1013_properties_parse(struct admv1013_state *st) { int ret; - const char *str; struct device *dev = &st->spi->dev; st->det_en = device_property_read_bool(dev, "adi,detector-enable"); - ret = device_property_read_string(dev, "adi,input-mode", &str); - if (ret) - st->input_mode = ADMV1013_IQ_MODE; - - if (!strcmp(str, "iq")) - st->input_mode = ADMV1013_IQ_MODE; - else if (!strcmp(str, "if")) - st->input_mode = ADMV1013_IF_MODE; - else - return -EINVAL; + ret = device_property_match_property_string(dev, "adi,input-mode", + admv1013_input_modes, + ARRAY_SIZE(admv1013_input_modes)); + st->input_mode = ret >= 0 ? ret : ADMV1013_IQ_MODE; - ret = device_property_read_string(dev, "adi,quad-se-mode", &str); - if (ret) - st->quad_se_mode = ADMV1013_SE_MODE_DIFF; - - if (!strcmp(str, "diff")) - st->quad_se_mode = ADMV1013_SE_MODE_DIFF; - else if (!strcmp(str, "se-pos")) - st->quad_se_mode = ADMV1013_SE_MODE_POS; - else if (!strcmp(str, "se-neg")) - st->quad_se_mode = ADMV1013_SE_MODE_NEG; - else - return -EINVAL; + ret = device_property_match_property_string(dev, "adi,quad-se-mode", + admv1013_quad_se_modes, + ARRAY_SIZE(admv1013_quad_se_modes)); + st->quad_se_mode = ret >= 0 ? ret : ADMV1013_SE_MODE_DIFF; ret = devm_regulator_bulk_get_enable(dev, ARRAY_SIZE(admv1013_vcc_regs), -- 2.53.0